Sunday Shodan defaults

Messing around with Shodan again, its addictive! Found some issues via the recent searches. I didn’t find these, just saw the searches already performed and verified the defaults using vendor web sites:

3com-officeconnect-vpn-firewall-default_pass
3com OfficeConnect VPN Firewall has a default password and is nice enough to tell you when you connect! Kind a defeats the purpose of a security device….

vmax-default
The VMAX Web Viewer (identify via “Server: Boa/0.94.13”) by Digital Watchdog has the manual online showing the default account of ‘admin’ has no password.

cudatel
The CudaTel Communications Server has a default account of ‘admin’ and a default password of ‘admin’.

zywall5-1
zywall5-2
ZyWall Firewalls have a default password of ‘1234’ for the Web Configurator. Even if the password is changed, the system sends the default in the first login connection.

While verifying that default i saw the MultiTech RouteFinder Internet Security Appliance (model RF850 and RF860 and probably more) have a default account of ‘admin’ and default password of ‘admin’.

The SonicWall TZ Series firewalls have a default account of ‘admin’ and a default password of ‘password’.

Tags: ,

Leave a comment